
A phony US tech worker was caught out by Amazon because his keyboard was responding too slowly. The delay was 110 milliseconds, roughly the time it takes to blink.
Bizarrely, the North Korean impostor was working as a sysadmin for Amazon and was flagged by the slow keystrokes.
Standard remote workers typically send back signals in tens of milliseconds, so the lag was an instant warning sign.
This was a technical detection, not a tip-off about the person's identity. The lag occurred because the worker was physically in North Korea or a third country (like China or Russia), routing their connection through a US-based computer ("jump box" or proxy) to appear local.
In a separate incident in July, facilitator Christina Chapman, an American woman in Arizona, was caught hosting a self-made "laptop farm" in her home, comprising a hefty total of 90 computers.
This unique operation was helping North Koreans infiltrate over 300 US companies, including some Fortune 500 firms, with Amazon being one of the targets.
North Korea runs a state-sponsored "IT Warrior" program to bypass sanctions and fund weapons. Amazon itself has blocked 1,800 attempts in the last few months.
Notably, North Koreans utilize these domestic enablers to host physical laptops, thereby masking the IP address as local. However, the signals still must travel across the Pacific, resulting in detectable lag.
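A sketch of how the lag signal described above could be triaged, as an added example that is not Amazon's detection code: it compares each session's latency floor (a low percentile) with a cut-off, because congestion inflates only some samples while a relayed path raises all of them. The 100 ms threshold, the minimum sample count, the function names and the sample data are assumptions constructed for illustration.

```python
import math
from statistics import median

# Assumed cut-off: the article gives "tens of milliseconds" as normal and
# 110 ms as the flagged value; 100 ms is illustrative, not Amazon's setting.
FLOOR_THRESHOLD_MS = 100.0
MIN_SAMPLES = 20  # assumed minimum before a session is judged at all

# Constructed samples (ms per keystroke round trip), not real telemetry.
# LOCAL: nearby worker on flaky Wi-Fi, low floor with three large spikes.
LOCAL = [22, 25, 31, 28, 24, 900, 27, 30, 26, 23, 29,
         850, 25, 24, 33, 28, 26, 950, 27, 25, 30, 24]
# RELAYED: input forwarded through a hosted laptop, steady lag near 110 ms.
RELAYED = [112, 108, 115, 110, 109, 121, 111, 113, 110, 118, 107,
           110, 114, 109, 112, 125, 110, 111, 108, 116, 110, 113]


def latency_floor(samples_ms, pct=0.10):
    """Nearest-rank low percentile: what the path delivers at its best."""
    ordered = sorted(samples_ms)
    rank = max(1, math.ceil(pct * len(ordered)))
    return ordered[rank - 1]


def assess_session(samples_ms):
    """Classify one session as ok / review / insufficient_data."""
    if len(samples_ms) < MIN_SAMPLES:
        return {"verdict": "insufficient_data", "floor_ms": None, "median_ms": None}
    floor = latency_floor(samples_ms)
    # Congestion raises some samples; extra distance raises all of them,
    # so the floor, not the mean, is compared against the threshold.
    verdict = "review" if floor >= FLOOR_THRESHOLD_MS else "ok"
    return {"verdict": verdict, "floor_ms": floor, "median_ms": median(samples_ms)}


if __name__ == "__main__":
    for name, data in (("local", LOCAL), ("relayed", RELAYED), ("short", RELAYED[:5])):
        print(name, assess_session(data))
```

A high floor also has ordinary causes such as a VPN or a satellite link, so a "review" verdict is a prompt for a closer look at the endpoint, not a finding on its own.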
The industrial scale of these revenue-generating schemes extends far beyond a single household in Arizona. In June 2025, the FBI raided 21 different "laptop farms" across 14 states and seized 137 computers.
This is a nationwide network of American collaborators, including farms in New Jersey, Florida, and Georgia, who host these devices to spoof a US location.
The US government has launched a dedicated task force called the "DPRK RevGen" specifically to hunt down these American abettors.
Perpetrators like Zhenxing Wang and Erick Prince have been arrested for creating shadow companies with suspicious hosting to make these "IT Warriors" appear to be real US-based consultants.
These operatives aren't just there to make bucks. Once inside, these workers have successfully stolen AI source code from California-based defense contractors and hijacked $900,000 in cryptocurrency from an Atlanta blockchain firm by modifying its internal smart contracts.
When companies are finally alerted to the crime and terminate the offender, the operatives often drop the act and threaten to leak proprietary code unless they’re paid a ransom.
They have moved from being "model employees" to active digital extortionists.
Amazon’s discovery of a single 110ms lag is a rare catch that could unravel a massive, invisible workforce.